Описание
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
Ссылки
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 L ...
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
Уязвимость функции mbedtls_ssl_read реализации протоколов TLS и SSL Mbed TLS, позволяющая нарушителю оказать воздействие на целостность данных
EPSS
7.5 High
CVSS3
5 Medium
CVSS2